| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 5 Mar 2016 12:40:12 +0100 From: Ingo Molnar <mingo@...nel.org> To: Toshi Kani <toshi.kani@....com> Cc: "Luis R. Rodriguez" <mcgrof@...nel.org>, Toshi Kani <toshi.kani@...com>, Paul McKenney <paulmck@...ux.vnet.ibm.com>, Dave Airlie <airlied@...hat.com>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, linux-arch@...r.kernel.org, X86 ML <x86@...nel.org>, Daniel Vetter <daniel.vetter@...el.com>, Thomas Gleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...or.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Borislav Petkov <bp@...en8.de>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Andy Lutomirski <luto@...nel.org>, Brian Gerst <brgerst@...il.com> Subject: Re: Overlapping ioremap() calls, set_memory_*() semantics * Toshi Kani <toshi.kani@....com> wrote: > > So I'd say that since ioremap() in itself is fragile enough, we should work > > towards eliminating overlapping ranges. > > > > The thing is, the whole vmap_area logic is based around non-overlapping > > ranges, sorted into the vmap_area_root rbtree. > > > > Just check the logic in mm/vmalloc.c::alloc_vmap_area(): it's based on finding > > holes in the kernel-virtual allocations. 'Overlapping ranges' is very much not > > part of that logic, at least to my understanding. > > > > How are overlapping ioremap()s even possible with that logic? The allocator > > searches for holes, not allowing for overlaps. What am I missing? > > > > Could you outline a specific case where it's done intentionally - and the > > purpose behind that intention? > > The term "overlapping" is a bit misleading. [...] A bit? It was totally misleading ... You meant virtual aliases for the same physical address, and those of course are allowed, as long the cache attributes are compatible, that is what the whole memtype infrastructure is about, as you yourself note: > [...] This is "alias" mapping -- a physical address range is mapped to multiple > virtual address ranges. There is no overlapping in VMA. > > Such alias mappings are used by multiple modules. For instance, a PMEM range is > mapped to the kernel and user spaces. /dev/mem is another example that creates > a user space mapping to a physical address where other mappings may already > exist. > > Hence, alias mapping itself is a supported use-case. However, alias mapping > with different cache types is not as it causes undefined behavior. Therefore, > PAT module protects from this case by tracking cache types used for mapping > physical ranges. When a different cache type is requested, > is_new_memtype_allowed() checks if the request needs to be failed or can be > changed to the existing type. So where is the problem? The memtype implementation and hence most ioremap() users are supposed to be safe. set_memory_*() APIs are supposed to be safe as well, as they too go via the memtype API. > I agree that the current implementation is fragile, and some interfaces skip > such check at all, ex. vm_insert_pfn(). Most of those are really just low level interfaces for special cases that skip the memtype infrastructure. Thanks, Ingo
Powered by blists - more mailing lists